'Unlucky 13': Symantec's Security Trends for 2010

After a year of
unprecedented proliferation of spyware, malware and cyber attacks of all types,
security software vendor Symantec warns there's plenty more where that came from in its
just-released 2010 Security Trends to Watch
report.

Hackers and malware purveyors are becoming more sophisticated. Computer users must follow suit by becoming wiser and more proactive.

Kevin Haley, Symantec Security Response group product manager, this week posted an
ironic blog entry
titled "Don't Read This Blog" to draw attention to the company's latest report and to
illustrate how Internet users have been conditioned to click any compelling link without
regard to the possible -- and often probable -- security consequences of their actions.

"We love to click," he wrote. "Clicking on links and attachments that are accompanied
by just the slightest bit of social engineering appears to be a basic human need."

Whether it's a come-on for what appears to be a friendly game of online
Monopoly or the incessant and sinister pleadings of a
bogus antivirus application, malware scams have become more sophisticated and
damaging with each passing day.

A report released earlier this year by the Anti-Phishing Working Group (APWG) found
that fake anti-malware and security software programs soared more than 585 percent in
the first half of 2009 alone. In 2007, Gartner said that more than 3.6 million people
lost more than $3.2 billion to malicious phishing scams.

"Yes, it's a cheap trick and not even close to original," Haley wrote of his creative
blog title. "But since social engineering plays such a prominent role in future trends,
it seemed appropriate."

The dirty baker's dozen

Whether you're using your mobile phone to check e-mail and surf the Web or an
enterprise IT administrator charged with safeguarding your company's data, Symantec says
the following 13 security issues will be most relevant in 2010:

1. Antivirus is not enough

With the rise of polymorphic threats and the explosion of unique malware variants in
2009, the industry is quickly realizing that traditional approaches to antivirus
(including both file signatures and heuristic/behavioral capabilities) are not enough to
protect against today's threats. We have reached an inflection point, where new malicious
programs are actually being created at a higher rate than good programs.

Approaches to security that look for ways to include all software files, such as
reputation-based security, will become key in 2010.

2. Social engineering as the primary attack vector

More and more, attackers are going directly after the end user and attempting to trick
them into downloading malware or divulging sensitive information under the pretense that
they are doing something perfectly innocent. Social engineering's popularity is at least
in part spurred on by the fact that which operating system and Web browser run on a
user's computer is largely irrelevant, as it is the actual user being targeted, not
necessarily vulnerabilities on the machine.

3. Rogue security software vendors escalate their efforts

In 2010, expect to see the propagators of rogue security software scams take their
efforts to the next level, even by hijacking users' computers, rendering them useless and
holding them for ransom. A less drastic next step, however, would be software that is not
explicitly malicious, but dubious at best.

For example, Symantec has already observed some rogue antivirus vendors selling
rebranded copies of free third-party antivirus software as their own offerings. In these
cases, users are technically getting the antivirus software that they pay for, but the
reality is that this same software can actually be downloaded for free elsewhere.

4. Social networking third-party apps will be fraud targets

With the popularity of social networking sites poised for another year of
unprecedented growth, expect fraud targeting social site users to grow.

As this occurs, and as these sites more readily provide third-party developer access
to their APIs, attackers will likely turn to vulnerabilities in third-party applications
for users' social networking account information, just as we have seen attackers take
advantage of browser plug-ins more as Web browsers themselves become more secure.

Find out how Windows 7 will find its way into the crosshairs of attackers and more on InternetNews.com.